There's a problem in the interaction between (ssh and xauth and (linux-vserver or non-127.0.0.1 localhost ip's)):
If you use another ip than 127.0.0.1 (like say, 10.0.1.1) for localhost purposes like me (and use a /etc/hosts file like this:
10.0.1.1 localhost
192.186.1.1 ourvirtualhostname
), then ssh -X into this vserver won't work anymore except when you put "x11uselocalhost no" into the serverside sshd_config - but this opens up your X socket to non-local clients, which is not a good idea when considering the possibility of the presence of security holes in the X server code.
The script here solves the problem: http://pflanze.mine.nu/~chris/vserver/xauth
It changes the hostname for the setup of the authentification cookie from "unix" to "localhost" - this is all it takes to make the X authentification work again.
I'm cross-posting this to the openssh mailing list. Should openssh be changed, or should xauth be changed? What is the reason for the "unix" argument and why doesn't it work for the vserver/'strange-localhost' case?
Cheers Christian. _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
